Fake Job Interviews Target Developers With New Python Backdoor (bleepingcomputer.com)
An anonymous reader quotes a report from BleepingComputer: A new campaign tracked as "Dev Popper" is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT). The developers are asked to perform tasks supposedly related to the interview, like downloading and running code from GitHub, in an effort to make the entire process appear legitimate. However, the threat actor's goal is to make their targets download malicious software that gathers system information and enables remote access to the host. According to Securonix analysts, the campaign is likely orchestrated by North Korean threat actors based on the observed tactics. The connections are not strong enough for attribution, though. [...]
Although the perpetrators of the Dev Popper attack aren't known, the tactic of using job lures as bait to infect people with malware is still prevalent, so people should remain vigilant of the risks. The researchers note that the method "exploits the developer's professional engagement and trust in the job application process, where refusal to perform the interviewer's actions could compromise the job opportunity," which makes it very effective.
LOL! (Score:5, Funny)
I wouldn't even install Teams for a "job interview" :)
Re: (Score:2)
Re: (Score:2)
Not anymore, the web client works with open source browsers (though the videoconferencing features have issues on my Firefox Linux configuration, so I use it with Chromium).
Re: LOL! (Score:1)
My hardware, my choice.
Job Interviewers may (Score:1)
Part of this sounds like do free work for us that (Score:3)
Part of this sounds like "do free work for us", which some places do try.
So they want you to download and fix their code in the hope of maybe getting a job?
Re: (Score:2)
It's an interesting question. I've never encountered a "do work for us", but I've certainly spent hours, once a few days, on some projects for interviews, and I've also given them out.
I've also had full day interviews for jobs. Sometimes multiple half days. Most places i've worked had fairly short interview processes and even that would be at least 6 hours of involvement to get a job.
The movie industry is mulling it over too:
https://web.archive.org/web/20... [archive.org]
And idk what the state is of no cost estimates for
Re: (Score:2)
Sure. Here's your code. Hire me and I'll tell you where the logic bomb is.
Re: (Score:2)
Part of this sounds like "do free work for us", which some places do try.
I keep reading this, but it neither matches my experience during job interviews, nor would I want any job applicant to write my code. In many professional jobs it takes months to become productive, and that means with access to colleagues and documentation, so there is no chance that an outsider could create anything of significance during the interview process. If you hand out a small chunk of software work to an outsider, you'd also have to specify it very precisely and you'd have to review the result tho
Kind of interesting (Score:5, Funny)
Re: (Score:2)
We do not appreciate it if former employees post confidential information about the inner workings online, even after leaving The Company.
That incident will be examined.
Spawn on a separate host or VM? (Score:5, Insightful)
I remember job interviews like this from a few years back. What I did was spawn an AWS LightSail instance with a static IP and go from there. When the interview is finished, I'd just nuke the VM and call it done.
Maybe it is part of being a good developer to run stuff that is potentially compromising on a sandbox/VM, on a separate network.
Assume the worst (Score:2)
While 'do what I say' corporate blackmail is common (think EULA), everyone should assume the worst when anonymous or unverified adverts appear. Doubly-so for unseen or unverified code.
I'd consider that part of the interview (Score:3)
You install unsolicited code on something other than a VM that contains no sensitive information, running on a computer you will wipe after the interview, on a connection that isn't physically separated from the rest of your network?
Sorry, your security conscience is not at the level we require.